frame-src doesn't respect the nonce attribute

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
author: Roeland Jago Douma <roeland@famdouma.nl> 2019-08-16 21:29:57 +0200
committer: Roeland Jago Douma <roeland@famdouma.nl> 2019-08-16 21:29:57 +0200
commit: c4cafae884edd5d391c7df6cb995d642496dbfd5 (patch)
tree: ae15e5dc4d6eead5b6bf9f657ee75fc57c76e6f5 /lib
parent: 6db355848b624d7e48257a8a85eb35b3b8f9b9f5 (diff)
download: nextcloud-server-c4cafae884edd5d391c7df6cb995d642496dbfd5.tar.gz
nextcloud-server-c4cafae884edd5d391c7df6cb995d642496dbfd5.zip
1 files changed, 0 insertions, 3 deletions
diff --git a/lib/public/AppFramework/Http/EmptyContentSecurityPolicy.php b/lib/public/AppFramework/Http/EmptyContentSecurityPolicy.php
index de892aacf26..b3f341ab054 100644
--- a/lib/public/AppFramework/Http/EmptyContentSecurityPolicy.php
+++ b/lib/public/AppFramework/Http/EmptyContentSecurityPolicy.php
@@ -494,9 +494,6 @@ class EmptyContentSecurityPolicy {
 
 		if(!empty($this->allowedFrameDomains)) {
 			$policy .= 'frame-src ';
-			if(is_string($this->useJsNonce)) {
-				$policy .= '\'nonce-' . base64_encode($this->useJsNonce) . '\' ';
-			}
 			$policy .= implode(' ', $this->allowedFrameDomains);
 			$policy .= ';';
 		}
author	Roeland Jago Douma <roeland@famdouma.nl>	2019-08-16 21:29:57 +0200
committer	Roeland Jago Douma <roeland@famdouma.nl>	2019-08-16 21:29:57 +0200
commit	c4cafae884edd5d391c7df6cb995d642496dbfd5 (patch)
tree	ae15e5dc4d6eead5b6bf9f657ee75fc57c76e6f5 /lib
parent	6db355848b624d7e48257a8a85eb35b3b8f9b9f5 (diff)
download	nextcloud-server-c4cafae884edd5d391c7df6cb995d642496dbfd5.tar.gz nextcloud-server-c4cafae884edd5d391c7df6cb995d642496dbfd5.zip